From: W. Felix Handte <w@felixhandte.com>
Date: Thu, 15 Aug 2019 18:24:45 +0000 (-0400)
Subject: Fix Buffer Overflow in Legacy (v0.3) Raw Literals Decompression
X-Git-Tag: v1.4.3^2^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a42bbb4e058063be8b61b3e00306eb6fb886a836;p=thirdparty%2Fzstd.git

Fix Buffer Overflow in Legacy (v0.3) Raw Literals Decompression
---

diff --git a/lib/legacy/zstd_v03.c b/lib/legacy/zstd_v03.c
index 7a0e7c9b6..dbc83f1ee 100644
--- a/lib/legacy/zstd_v03.c
+++ b/lib/legacy/zstd_v03.c
@@ -2530,6 +2530,7 @@ static size_t ZSTD_decodeLiteralsBlock(void* ctx,
             const size_t litSize = (MEM_readLE32(istart) & 0xFFFFFF) >> 2;   /* no buffer issue : srcSize >= MIN_CBLOCK_SIZE */
             if (litSize > srcSize-11)   /* risk of reading too far with wildcopy */
             {
+                if (litSize > BLOCKSIZE) return ERROR(corruption_detected);
                 if (litSize > srcSize-3) return ERROR(corruption_detected);
                 memcpy(dctx->litBuffer, istart, litSize);
                 dctx->litPtr = dctx->litBuffer;